The hosting provider where I host this blog, VPS Farm, is closing up shop in two weeks. The owner is changing jobs and shutting it down. This means I have to find a new provider, and fast, or my handful of readers will be forever lost.
I have some local providers that I can turn to, so I hope to switch over to a new provider soon. With any luck the transition will be seamless but I’m sure a gremlin or two will pop up. Just bear with me. I promise that there isn’t much that can shut me up!
I just checked out my Apache logs and found this interesting entry:
184.108.40.206 - - [22/Oct/2012:13:21:25 -0400] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(0x6730306431),7,8,9,10,11,12-- HTTP/1.1" 403 5043 "-" "Mozilla/3.0 (windows)"
It appears to be an exploit attempt against the Facebook Connect plugin.
Here’s a webpage that shows how it works.
There are quite a few websites potentially vulnerable to this exploit. While it doesn’t appear to make Facebook itself vulnerable, it does compromise any WordPress blogs which use this plugin.
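One way to flag requests like the one in that log entry, as an added example that is not part of the original post: a small Python scanner for Apache combined-format logs that decodes each query parameter and checks it against a few SQL injection heuristics. The signature set, the function names and the second (benign) sample line are constructed for illustration; the first sample line is the entry quoted above with plain ASCII quotes and dashes.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

# Heuristic signatures, constructed for this example; applied to decoded parameter values.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\b.{0,20}\bselect\b", re.I | re.S),
    "boolean-test": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "hex-concat": re.compile(r"\bconcat\s*\(\s*0x[0-9a-f]+", re.I),
    "sql-comment": re.compile(r"(?:--|#|/\*)\s*$"),
}

# First line: the entry from the post. Second line: constructed benign request.
SAMPLE_LOG = [
    '184.108.40.206 - - [22/Oct/2012:13:21:25 -0400] "GET /?fbconnect_action=myhome'
    '&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(0x6730306431),7,8,9,10,11,12--'
    ' HTTP/1.1" 403 5043 "-" "Mozilla/3.0 (windows)"',
    '192.0.2.10 - - [22/Oct/2012:13:22:01 -0400] "GET /?s=student+union+election'
    ' HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def scan_line(line):
    """Return a finding dict if any query parameter looks like SQL injection, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; skip rather than guess
    hits = {}
    # parse_qsl decodes %xx and '+', so encoded payloads are matched in plain form
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        matched = sorted(k for k, rx in SIGNATURES.items() if rx.search(value))
        if matched:
            hits[name] = matched
    if not hits:
        return None
    status = int(m["status"])
    # rejected=False means the server answered normally and the request needs a closer look
    return {"host": m["host"], "time": m["time"], "status": status,
            "rejected": status >= 400, "params": hits}

def scan_log(lines):
    """Scan an iterable of log lines and return the list of findings."""
    return [f for f in map(scan_line, lines) if f]
```

Calling `scan_log(SAMPLE_LOG)` returns one finding for the `fbuserid` parameter; the benign search for "student union election" is not flagged because no `select` follows `union`.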
After several weeks of shocking revelations about Facebook accounts being hacked to say things their users never intended, needless to say I’m quite depressed about the state of social networks. I am actually considering shutting down my Facebook page since I can no longer be sure what I’m reading there is what my friends actually put there or instead the work of some outside (or inside) hacker.
There’s Google Plus, of course, but who’s to say that it couldn’t fall under the same spell (or under the same misfortune) that Facebook did?
What if there was another alternative, completely free and open? Sort of like an “RSS on steroids” that would share the content I created from a server I managed? What if it took the best of blogging, Twitter, and Facebook and tied it together with a flexible content-protection system that emulated “friends” or “circles” only it worked across separately-owned servers?
I was indirectly “Slashdotted” yesterday when Slashdot posted a link to the Mother Jones story about Mitt Romney Facebook hacking:
Why Do So Many Liberals “Like” Mitt Romney On Facebook?
Posted by samzenpus on Thursday October 11, @02:47PM
from the strange-bedfellows dept.
pigrabbitbear writes “Mother Jones reports that, ‘In recent weeks, a host of liberal types have complained that their Facebook accounts have erroneously “liked” Romney’s page, and some are floating the theory that the Romney campaign has deployed a virus or used other nefarious means to inflate the candidate’s online stature. This conspiratorial notion has spawned a Facebook community forum, and its own page: “Hacked By Mitt Romney” (cute url: facebook.com/MittYouDidntBuildThat)’ So what’s going on? Is the Romney campaign engaging in some tech wizardry to hijack Americans’ Facebook pages? Seems unlikely, but Romney did somehow manage to acquire millions of fake Twitter followers. But it looks like the Romney campaign isn’t behind this one — Facebook and its mobile app is.”
Actually, this was a Slashdot story that linked to another blog that linked to the Mother Jones story that linked to my site, so it’s not like MT.Net was Slashdotted. That’s why I didn’t notice a huge spike in traffic at my blog. The Hacked By Mitt Romney Facebook page url of http://www.facebook.com/MittYouDidntBuildThat did get mentioned prominently, though, which resulted in 57 new page likes or an overnight jump of 18%.
Of course, I can’t be completely sure these are real living, breathing persons after what I now know about Facebook likes, but that’s what Facebook tells me.
Back in May, I got an unsolicited email from a consulting firm who had been hired by the main competitor of a company I used to work for in “the KVM space,” as business dweebs like to say. The consultant had been hired to “understand the current KVM market” and my post from 2007 predicting the death of KVM had caught his eye. The consultant wanted to pick my brain about the post and whether I had any other insights to share.
Being that he was working on behalf of a former competitor, initially I was reluctant to respond. I blame that competitor’s long-running lawsuit against my former employer for me getting laid off from the best job I ever had. Eventually, though, I decided to chat for a bit as it had been 5 years since I had written that and five years since I’d worked for that company.
I didn’t have much more to add to what I had written in 2007. I have worked in large datacenters in the meantime and my prediction has held up in every instance. The KVM market is dying if not already dead.
Earlier this week I received news that one of the employees I hired at my former employer just lost his job. While I don’t know all the details I have to wonder if that shrinking KVM market is to blame. Sad.
Those of you who follow MT.Net and also follow me through other tools like Twitter, LinkedIn, Google Plus, and Facebook might be interested to know how to filter my Tweets from this blog’s RSS feed. Simply change your RSS feed to point to this one:
… and the redundant posts from Twitter will disappear for you. (Tip discovered here.)
There was a long pause when I answered the phone this evening: a sure sign of a telemarketer. The number, 801-823-2033, wasn’t familiar, either. The woman on the other end soon came on, said she was with some survey company (perhaps Opinionology?) and wanted to ask a few questions. I agreed.
“Do you plan to vote for a candidate for president this year?” she asked.
“To ensure we have a representative sample, in what year were you born?” she asked.
“What county in North Carolina do you live in?” she asked.
There was a pause. “Lake?”
“Oh, Wake. Okay.”
There was a pause.
“Do you have a political blog or participate in political blogs?”
I stopped and considered that almost every other post here on MT.Net has something to do with politics. “Yes, I do,” I answered.
There was an even longer pause.
“Thanks for your participation in tonight’s survey. Have a good evening,” she cheerfully said before abruptly ending the call.
Weird. I wonder what it was about writing a political blog that apparently disqualified me as a survey respondent. I also wonder what that says about the respondents who don’t get disqualified.
An Internet acquaintance forwarded to me this email he received from our infographic-making friend Tony Shin:
From: Tony Shin email@example.com
Date: Sat, Mar 17, 2012 at 1:17 AM
Subject: A graphic on the ethics of the wealthy
To: blah blah blah at gmail.com
While I was searching for blogs and posts that have talked about social psychology, I came across your site and wanted to reach out to see if I could get your readership’s feedback on a graphic my team and I designed, which focuses on the studies found on how those socially and financially well-off behave unethically compared to the lower ladder.
If you’re interested, let’s connect.
The infographic in question can be viewed here.
This Google search on “infographic my team built” seems to find many of these spam emails posted on various websites.
Look closely and you’ll find a few sent by our friend Tony Shin, too. Here’s another, and another, and another.
Here’s a whole blog post of Tony Shin’s infographics. Here’s another.
Here’s another from Peter Kim. It was taken from the HackCollege.com website, which is (surprise!) also registered through Moniker:
Looks like I’m not the only one who’s gotten the mystery infographic emails. I found this post on blogger Andrew Gelman’s blog:
A personal bit of spam, just for me!
Posted by Andrew on 13 March 2012, 6:50 pm
I came across your site while searching for blogs and posts around American obesity and wanted to reach out to get your readership’s feedback on an infographic my team built which focuses on the obesity of America and where we could end up at the going rate.
If you’re interested, let’s connect. Have a great weekend!
I have to say, that’s pretty pitiful, to wish someone a “great weekend” on a Tuesday! This guy’s gotta ratchet up his sophistication a few notches if he ever wants to get a job as a spammer for a major software company, for example.
Similar formula. It’s pretty slick, actually.